LLOYD et al 

Appl. No. 10/705,242 

May 21, 2007 

AMENDMENTS TO THE CLAIMS: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1 . (Currently Amended) A directory system for providing directory services 
in a communications network using stored directory objects , the directory system 
including a plurality of memory segments for storing r e sp e ctiv e subsets of dir e ctory data 
for e ach dir e ctory object comprising: 

a network interface providing access to the directory system from a 
communications network; 

memory means; and 

at least one processor; 

wherein directory objects are stored in said memory means as directory data, said 
directory data including: 

attribute data representing attributes of said directory objects, 

directory information tree (PIT) data representing a hierarchical directory 
tree structure for said directory objects, and 

management data for managing said directory objects; and 
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wherein portions of said memory means constitute memory segments dedicated to 
storage of corresponding subsets of said directory data, said memory segments including 
one or more attribute segments, each of said attribute segments being dedicated to storage 
of (a) attribute data for a plurality of directory objects, (b) one or more PIT segments, 
each of said PIT segments being dedicated to storage of PIT data for a plurality of 
directory objects, and (c) one or more object segments, each of said object segments 
being dedicated to storage of management data for a plurality of directory objects . 

2. (Currently Amended) A directory system as claimed in claim 1, wherein 
said plurality o f directory system is configured to allocate portions of said memory means 
to provide said memory segments includ e s a plurality of attribute segments for storing 
attribute data for directory objects . 

3. (Currently Amended) A directory system as claimed in claim 2J_, wherein 
each of said attribute segments includes one or more attribute sub-segments fer 
sterffl gdedicated to storage of attribute data for respective object classes. 

4. (Currently Amended) A directory system as claimed in claim 21, wherein 
each of said attribute segments includes one or more attribute sub-segments dedicated to 
storage o f for storing attribute data for respective attribute types. 

5. (Currently Amended) A directory system as claimed in claim 21, wherein 
each of said attribute segments includes one or more attribute sub-segments dedicated to 
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storage o f , e ach of said attribute sub s e gments including attribut e cells for s toring 
attribute data for attributes of the sam e respective attribute types. 

6. (Original) A directory system as claimed in claim 1, wherein said attribute 
segments store attribute data for respective portions of a directory information tree (DIT). 

7. (Currently Amended) A directory system as claimed in claim 21 , wherein 
the attribute data stored in said plurality o f one or more attribute segments may be are 
grouped according to one or more of object class, attribute type, attribute, and portion of 
a DIT. 

8. (Currently Amended) A directory system as claimed in claim 5, wherein 
said attribute data includes a normalized attribute value and a hash value for each 
attribute value in said attribute cells . 

9. (Currently Amended) A directory system as claimed in claim 8, wherein 
the directory syste m is adapted to generates and stores a hash value for each relative 
distinguished name in said attribute ee fesub-segments . 

10. (Original) A directory system as claimed in claim 5, wherein said attribute 
data includes a context prefix identifier of a corresponding entry, and a relative 
distinguished name identifier of said entry. 
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1 1 . (Original) A directory system as claimed in claim 5, wherein said attribute 
data includes data indicating whether each of said attributes is associated with one or 
more other attributes. 

12. (Original) A directory system as claimed in claim 5, wherein said attribute 
data includes data indicating whether each of said attributes is a sponsoring attribute for 
one or more other attributes. 

13. (Currently Amended) A directory system as claimed in claim 21, wherein 
attributes having the same object naming characteristics are stored together. 

14. (Original) A directory system as claimed in claim 13, wherein the object 
naming characteristics of an attribute correspond to one of distinguished attributes, 
aliased distinguished names, and non-naming attributes. 

15. (Currently Amended) A directory system as claimed in claim 21, wherein 
attributes having the same directory information characteristics are stored together. 

16. (Currently Amended) A directory system as claimed in claim 15, wherein 
the directory information characteristics of an attribute correspond to one of collective 
attributes, compound attributes, attributes of Compound compound attributes, 
X.500/LDAP operational attributes, user operational attributes, sponsoring attributes, and 
other attributes. 

* 
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17. Cancelled. 

4 

1 8. (Currently Amended) A directory system as claimed in claim 4-?J_, wherein 
said management data includes security data. 

19. (Currently Amended) A directory system as claimed in claim 4-71, wherein 
said object segments include a first object segment for storing distinct name binding rules 
for directory objects, and at least one second object segment for storing other object data 
for said directory objects. 

20. (Currently Amended) A directory system as claimed in claim wherein 
said object segments include a first object segment for storing access control data for 
directory objects, and at least one second object segment for storing other object data for 
said directory objects. 

2 1 . (Original) A directory system as claimed in claim 20, wherein the directory 
system is adapted to generate one or more access control identifiers for a user on the basis 
of access configuration information for said user, and to determine said user's access to a 
directory object on the basis of access control identifiers associated with said object and 
said user. 

22. (Original) A directory system as claimed in claim 2 1 , wherein said one or 

more access control identifiers identify one or more of a specific user, a group of users, 
and a generic user. 
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23. (Original) A directory system as claimed in claim 2 1 , wherein each access 
control identifier includes respective components for accessing a selected DIT, for 
performing a selected directory operation, for accessing a selected attribute group, and for 
accessing a selected attribute type. 

24. (Original) A directory system as claimed in claim 21, wherein said access 
control data includes one or more access control identifiers for each directory object, and 
hierarchical access data defining access to a DIT, a directory operation, an attribute 
group, and an attribute type. 

25. (Currently Amended) A directory system as claimed in claim 4^1_, wherein 
each of said object segments includes one or more object sub-segments, each of said 
object sub-segments including object cells for storing DIT schema data and access 
control data for controlling access to a DIT or a portion of a DIT. 

26. (Original) A directory system as claimed in claim 24, wherein said access 
control data includes one or more numeric access control identifiers. 

27. (Currently Amended) A directory system as claimed in claim 25, wherein 
the directory syste m is adapt e d to generates access control identifiers on the basis of user 
configuration data specifying user access to one or more parts of a DIT and-te stores said 
access control identifiers in object sub-segment cells corresponding to said one or more 
parts of said DIT. 
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28. (Currently Amended) A directory system as claimed in claim 20, wherein; 

the directory system is adapted to generates a directory operation access control 
identifier for use in determining whether a user is granted access to perform a selected 
directory operation on a selected attribute type in a selected portion of a DIT, said 
directory operation access control identifier identifying said directory operation, said 
portion of said DIT and said attribute type, and 

the directory syste m is adapted to determines whether said access is granted on the 
basis of a comparison of said directory operation access control identifier with one or 
more access control identifiers associated with one or more of said portion of said DIT, 
said attribute type, and an attribute type group including said attribute type. 

29. (Currently Amended) A directory system as claimed in claim 20, wherein: 

the directory syste m is adapted to generates one or more access control identifiers 
for a user on the basis of access configuration information for said user, and 

a trusted operating system is used to determine said user's access to a directory 
object on the basis of access control identifiers associated with said object and said user. 

30. (Currently Amended) A directory system as claimed in claim 20, wherein; 

the directory syste m is adapted to generates one or more access control identifiers 
for a user on the basis of access configuration information for said user, and 
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the directory system includes an attribute processor adapted to determine said 
user's access to a directory object on the basis of access control identifiers associated 
with said object and said user. 

3 1 . Cancelled. 

32. (Currently Amended) A directory system as claimed in claim 34-J_, wherein 
each DIT segment includes one or more DIT sub-segments, each of said DIT sub- 
segments including DIT cells-fer storing references to non-leaf entries of a directory tree. 

33. (Currently Amended) A directory system as claimed in claim 34-32, 
wherein said DIT sub-segments store references to respective portions of a DIT. 

34. (Currently Amended) A directory system as claimed in claim 5233, 
wherein said portions correspond to selected portions of a DIT having a flat namespace. 

35. (Original) A directory system as claimed in claim 32, wherein two or more 
DIT sub-segments represent portions of a DIT having a flat namespace. 

36. (Currently Amended) A directory system as claimed in claim-34 35, 
wherein two or more of said DIT sub-segments store references to a selected portion of a 
DIT. 

37. (Currently Amended) A directory system as claimed in claim 34-36, 
wherein each of said references includes a name and a prefix. 
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38. (Original) A directory system as claimed in claim 36, wherein each of said 
references includes a distinguished name prefix and a hash value for said distinguished 
name prefix. 

39. (Original) A directory system as claimed in claim 27, wherein one or more 
of said DIT sub-segments includes one or more access control identifiers for controlling 
access to a corresponding DIT sub-segment. 

40. Cancelled. 

41 . (Currently Amended) A directory system as claimed in claim 401, wherein 
each of said DIT segments identifies one or more object segments having stored therein 
management data for objects of the DIT segment, and one or more attribute segments 
having stored therein attribute data for said objects. 

42. (Currently Amended) A directory system as claimed in claim 401, wherein 
said management data includes name binding rules and access control data for said 
directory objects. 

43. (Original) A directory system as claimed in claim 1, wherein said plurality 
of memory segments includes a plurality of transaction segments for storing transaction 
data representing phases of a directory transaction to allow recovery of said directory 
transaction. 
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44. (Original) A directory system as claimed in claim 43, including a 
transaction management component for updating said transaction data during said phases 
of a directory transaction. 

45. (Original) A directory system as claimed in claim 44, wherein said 
transaction management component is adapted to recover directory data on the basis of 
said transaction data. 

46. (Original) A directory system as claimed in claim 1, wherein said plurality 
of memory segments includes at least one adaptation segment for storing adaptation data 
representing the usage of said memory segments. 

47. (Original) A directory system as claimed in claim 46, wherein said 
adaptation data represents the organisation of directory data stored in said plurality of 
memory segments. 

48. (Original) A directory system as claimed in claim 1, including an 
adaptation component for automatically reconfiguring said memory segments on the 
basis of usage of said memory segments. 

49. (Original) A directory system as claimed in claim 48, wherein said 
reconfiguring includes segregating one or more portions of said directory data on the 
basis of access frequencies for said one or more portions of said directory data. 
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50. (Original) A directory system as claimed in claim 48, wherein said 
reconfiguring includes segregating one or more portions of said directory data on the 
basis of the number of instances of an entity of said directory data in a region of memory. 

5 1 . (Original) A directory system as claimed in claim 48, wherein said 
reconfiguring includes segregating instances of an attribute type from a name space into 
two or more regions of memory. 

52. (Original) A directory system as claimed in claim 48, wherein said 
reconfiguring includes segregating instances of an object class into two or more regions 
of memory. 

53. (Original) A directory system as claimed in claim 48, wherein said 
reconfiguring includes segregating one or more portions of said directory data on the 
basis of access control data for said one or more portions of said directory data. 

54. (Original) A directory system as claimed in claim 48, wherein said 
reconfiguring includes aggregating directory data for a multi-object entity. 

55. (Original) A directory system as claimed in claim 1, wherein the directory 
system is adapted to store selected portions of said directory data in respective regions of 
memory, and to store other portions of said directory data in backing store. 
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56. (Original) A directory system as claimed in claim 1, including a plurality 
of modules for accessing and managing said plurality of memory segments. 

57. (Original) A directory system as claimed in claim 56, including a statistical 
module for generating statistical data in relation to directory entries. 

58. (Original) A directory system as claimed in claim 56, including a 
monitoring module for monitoring one or more directory entries and for generating 
notification data in response to modification of a monitored directory entry. 

59. (Original) A directory system as claimed in claim 56, including a 
collective attributes module for segregating collective attributes of entries within a name 
space. 

60. (Original) A directory system as claimed in claim 56, including a 
validation module for validating one or more certificate paths. 

61. (Original) A directory system as claimed in claim 56, including a multi- 
object management module for processing two or more objects as an entity. 

62. (Original) A directory system as claimed in claim 61, wherein said two or 
more objects include a sponsoring object and one or more sponsored objects. 
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63. (Original) A directory system as claimed in claim 62, wherein said multi- 
object management module is adapted to automatically generate said one or more 
sponsored objects when a sponsoring object is generated. 

64. (Original) A directory system as claimed in claim 63, wherein said multi- 
object module is adapted to initialise attributes and access controls of said sponsored 
objects when a sponsoring object is generated. 

65. (Original) A directory system as claimed in claim 63, wherein said multi- 
object module is adapted to automatically generate one or more objects related to a user 
object when said user object is generated. 

66. (Currently Amended) A directory system as claimed in claim 65, wherein 
said user object-raay represents a user, and said one or more objects-may represent one or 
more services for said user. 

67. (Currently Amended) A directory system as claimed in claim 6#66, 
wherein said one or more services includes a presence service. 

68. (Original) A directory system as claimed in claim 56, including a user 
presence module for generating user presence data to indicate whether a user is using a 
directory. 
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69. (Currently Amended) A directory system as claimed in claim 6768, 
wherein said user presence module is adapted to generate one or more events in response 
to a change in said user presence data. 

70. (Original) A directory system as claimed in claim 56, including a service 
authorization module for determining whether a user is authorised to use one or more 
services. 

71 . (Original) A directory system as claimed in claim 70, wherein said service 
authorization module is adapted to perform said determining in response to a directory 
search. 

72. (Original) A directory system as claimed in claim 71 , wherein said 
directory search is based on an authorisation matching rule, service and device properties, 
and an authorisation token. 

73. (Original) A directory system as claimed in claim 56, including a relational 
search module for performing a distributed object relational search in response to a 
search query including relational operators. 

74-76. Cancelled. 
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77. (Original) A directory system as claimed in claim 74, including one or 
more messaging gateway modules for communicating with remote messaging systems 
using one or more messaging protocols. 

78. (Original) A directory system as claimed in claim 1, including at least one 
attribute processor adapted to store and process attribute data of a directory. 

79. (Original) A directory system as claimed in claim 78, wherein said 
attribute processor includes an application-specific integrated circuit. 

80. (Currently Amended) A directory system for providing dir e ctory servic e s 
in a communications network, the directory svst e m as claimed in claim 1 including one or 
more messaging modules for providing transactional messaging services to users. 

8 1 . (Original) A directory system as claimed in claim 80, wherein said 
transactional messaging services include at least one of email and instant messaging. 

82. (Original) A directory system as claimed in claim 80, wherein said one or 
more messaging modules are adapted to store message data as one or more objects in said 
directory. 

83. (Original) A directory system as claimed in claim 80, wherein said 
transactional messaging services are adapted to store a user's mail box and address book 
as objects in a directory. 
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84-101. Cancelled. 

102. (New) The directory system of claim 1, wherein said memory segments are 
virtual memory segments, said memory means including physical random access memory 
and backing store. 

103. (New) The directory system of claim 1, wherein said memory segments are 
configured as shared memory. 

104. (New) The directory system of claim 103, wherein the system is 
configured to execute a plurality of virtual machines configured to access said memory 
segments of said shared memory. 

105. (New) The directory system of claim 1, wherein the system is configured 
to dynamically create, destroy, and/or resize said memory segments. 

106. (New) A directory process for providing directory services in a 
communications network using stored directory objects, the directory process being 
executed by a computer system, and including: 

storing directory objects in computer memory as directory data, allocating portions 
of computer memory to provide memory segments dedicated to storage of corresponding 
subsets of directory data representing directory objects, said directory data including: 

attribute data representing attributes of said directory objects, 
directory information tree (DIT) data representing a hierarchical directory 
tree structure for said directory objects, and 

management data for managing said directory objects, 
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said memory segments including one or more attribute segments, each of said 
attribute segments being dedicated to storage of attribute data for a plurality of directory 
objects, one or more DIT segments, each of said DIT segments being dedicated to storage 
of DIT data for a plurality of directory objects, and one or more object segments, each of 
said object segments being dedicated to storage of management data for a plurality of 
directory objects, said management data including access control data for said plurality of 
directory objects. 

107. (New) A process as claimed in claim 104, wherein said memory segments 
are virtual memory segments. 

108. (New) A process as claimed in claim 106, including monitoring directory 
data stored in a plurality of memory segments; and redistributing at least a portion of said 
directory data in said plurality of memory segments based on said monitoring to improve 
performance of said directory services. 

109. (New) A process as claimed in claim 108, wherein said monitoring 
includes at least one of monitoring usage of said directory data, monitoring depth of a 
portion of a DIT, monitoring spread of a portion of a DIT, monitoring the number of 
instances of entities of said directory data, monitoring search times for said directory 
data, and monitoring the association of access control data with one or more directory 
objects. 

1 10. (New) A process as claimed in claim 109, wherein said entities include at 
least one of attributes, object classes, and directory objects. 
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111. (New) A process as claimed in claim 108, wherein said step of monitoring 
includes monitoring associations of access control data with portions of directory data, 
and said step of redistributing includes storing one or more portions of said directory data 
with one or more associated portions of said access control data. 

112. (New) A process as claimed in claim 111, wherein said monitoring 
includes determining that one or more access control identifiers applies to a portion of a 
DIT, and said redistributing includes storing said portion of said DIT with said one or 
more access control identifiers. 

113. (New) A process as claimed in claim 111, wherein said monitoring 
includes determining that one or more access control identifiers applies to instances of an 
attribute type, and said redistributing includes storing said instances of said attribute type 
with said one or more access control identifiers. 

1 14. (New) A process as claimed in claim 108, including generating at least one 
new memory segment and wherein said step of redistributing includes storing at least a 
portion of said directory data in said at least one new memory segment. 

115. (New) A process as claimed in claim 108, wherein said step of 
redistributing includes storing respective portions of said directory data stored in a 
memory segment in two or more memory segments. 

1 16. (New) A process as claimed in claim 108, wherein said step of 
redistributing includes selecting portions of said directory data stored in two or more 
memory segments and storing the selected portions into one memory segment. 
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1 17. (New) A process as claimed in claim 108, wherein said step of 
redistributing includes selecting object class information, access control information, and 
DIT structure information that applies to at least one portion of a DIT, storing the 
selected information in at least one object segment, and associating the selected 
information with at least a portion of at least one DIT segment corresponding to said at 
least one portion of said DIT. 

118. (New) A process as claimed in claim 108, including monitoring usage of 
remote directory data and storing at least a portion of said remote directory data in at least 
one local memory segment based on said usage to improve performance of said directory 
services. 

1 19. (New) A process as claimed in claim 108, wherein said redistributing 
includes redistributing directory data from a memory segment into two or more memory 
segments. 

120. (New) A process as claimed in claim 108, wherein said monitoring 
includes monitoring the number of instances of directory data in a memory segment. 

121. (New) A process as claimed in claim 108, wherein said monitoring 
includes monitoring search times for said directory data. 

122. (New) A process as claimed in claim 108, wherein said redistributing 
includes segregating directory data based on access frequencies for said directory data. 

123. (New) A process as claimed in claim 109, wherein said reconfiguring 
includes aggregating directory data for a multi-object entity. 
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1 24. (New) A directory system having components for executing the steps of 
claim 106. 

125. (New) A computer-readable storage medium having stored thereon 
computer program instructions for executing the steps of claim 106. 
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